Jump to content

Mail too old trick


Recommended Posts

lately almost all the spam mail sent to me on spymac.com domain it seems spammers are somehow purposely bouncing and delaying it somehow to where I actually get the mail like 3-4 days late. So i can report it instant it's received on my end and spamcop refuses it for being too old. i get normal mail addressed to me by non spammers without delay so somehow spammers are exploiting spymac or something to make mail show up late. it's becoming more and more common. Was wondering how this is being done and how can i report this mail if spamcop refuses it?

Link to comment
Share on other sites

lately almost all the spam mail sent to me on spymac.com domain it seems spammers are somehow purposely bouncing and delaying it somehow to where I actually get the mail like 3-4 days late. So i can report it instant it's received on my end and spamcop refuses it for being too old. i get normal mail addressed to me by non spammers without delay so somehow spammers are exploiting spymac or something to make mail show up late. it's becoming more and more common. Was wondering how this is being done and how can i report this mail if spamcop refuses it?
Unfortunately, the most likely "culprit" is your own provider(s). The parser looks for the time stamp when the spam was handed to your chain of input (or the last hand on). Which (usually) is put there by the guys you pay for your service, the spammers have no way to touch it. Maybe you would like to post a Tracking URL of one of these cases, out of your "Report History". Someone can then help you interpret where the delay is and from that, who needs to fix something. Well, that's the 'usual' scenario - always possible your case could be something more weird but the tracking URL will help pin down whatever it is in any case.
Link to comment
Share on other sites

From Reported post PM:

next one i get i can post the header here, but spamcop doesn't ev en take the emails cause they show as being older than 2 days, so there isn't a report being made/tracked
It may depend on how you submit them, but the tracking URL is likely also the URL of the page giving you the error about being too old.

I just tried a few different submission methods and every one of them provided the tracking URL at the top of the page. The same "code" (x in my example below) saved from the actual URL showing you the error will likely work as well.

SpamCop v 640 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=x

As a side note, I would really like to determine IF and how these "too old" messages can get generated without a tracking URL. I have never been able to replicate it, but many people have claimed it is so. I believe people just do not know what they are looking for, so assume it is not there.

Link to comment
Share on other sites

NOTE: the "Report" button is used to notify Moderators of objectionable content found within these forum pages.

There is a similar theme that has travelled the ages on this type of scenarion. In general, the story goes that an ISP has inserted some filtering, usually including some hardware. incoming e-mail that looks, smells, tastes like spam gets shuttled off to this other system for further analysis. The problem then comes in that with the typical 90%+ of all incoming e-mail being spam, that other system is very bogged down, which then feeds into the 'delayed' syndrome.

like any other previous discussion here about a specific spam, situation, there is no way for anyone here to guess at what's going on at your end .... some data must be made available. if you're not going to provide a tracking URL, then some headers would need to be provided.

You could do this analysis yourself, comparing the differences between e-mails that showed up late and e-mails that arrived 'on-time' .... see just where the delay / differences lie.

Link to comment
Share on other sites

I've been getting spam today which is dated two-three days ago and of course

can't be reported through SpamCop. There is one "dated" 1/1/2002

Is this a ploy by the spammers?

Probably not - did you look at the recent topic http://forum.spamcop.net/forums/index.php?showtopic=8330

[Added] By the way, the dates used by SC are those stamped in the first "good" received trace in the headers. That can mean different things but it usually means the obviously forged headers are ignored. You should find/have found the 1/1/2002 case goes through the parser without a murmur, using the date/time around the start of "your" receipt chain (the addresses recognized in your mailhosting, if you have mailhosting). The ones a few days old are more likely to be real and based on delays in your supply chain. Anyway, the way to tell is to try submitting them. Then if you have problems/questions come back with tracking urls. Since you haven't been back to check, merging with the above mentioned topic.

Edited by Farelf
Link to comment
Share on other sites

  • 1 month later...
I now had two spams where SC parsed the date 25. January 2007 from the headers and said that this mail is too old. I definitly think this is a new method of spammers to avoid SC.

Yet again, no data provided ..... had the entire Topic been read, one would have noted the "provide a Tracking URL, if that's not possible, then the headers of oe of these e-mails" such that there is actually something to discuss in detail ....

Will also note once again that the Parsing results are different between a MailHost Configured account and a non-MailHost Configured account .... yet none of the 'complaining' posters are yet mentioning this detail either .....

Link to comment
Share on other sites

Well, from a cursory check it looks like a trusted site, nfrance.com, receives the mail and honours the forged sending time and then passes that time forward instead of stamping the actual time. There is then an internal hand-off where the correct time is stamped but, by then, it is too late. The false date has been stamped by a trusted provider.

Or else, nfrance.com has held these mail items for seven months but that seems less likely :-)

Andrew

Edited by agsteele
Link to comment
Share on other sites

Tracking URL identified as spam 4 .. as tun through a non-MailHost Configured Reporting account;

http://www.spamcop.net/sc?id=z1363209191z3...fe0f445aebac4cz

While showing that the timestamp issue is once again based in thre MailHost Configured section of the Parsing code .... the results show yet another "problem" .... as agsteele points out, there is a 'tusted' server in the mix .... unfortunately, this server is being abused.

In this case, some specific follow-up to te Deputies would be in order if you want to pursue this issue.

Hmmm, interesting .. my original parse resulted in a "nomaster" /dev/null addrress ... the cancelled parse shows no sign of that issue ... wierd ...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...